Beware the place of removable media in cybercrime
Even something as big as a global gathering of nations could have its share of cyber shenanigans, and innocent-looking USB sticks and smartphone chargers could be the tools of crime. Not all malicious threats are apparent as DDoS (Distributed Denial of Service). The G20 Summit was held in Saint Petersburg on September 5-6, 2013 with a group of finance ministers and central bank governors from 19 countries and the European Union. Specifically, they were Argentina, Australia, Brazil, Canada, China, France, Germany, India, Indonesia, Italy, Japan, Republic of Korea, Mexico, Russia, Saudi Arabia, South Africa, Turkey, United Kingdom, United States. America and the European Union, represented by the President of the European Council and by the Head of the European Central Bank. Russia assumed the presidency of the G20 on December 1, 2012, for the first time in the country. The main thinking and planning categories are Business 20, Think 20, Civil 20, Youth 20, and Labor 20.
At the September 2013 summit, heads of state and their teams were presented with USB thumb drives with the ability to copy sensitive data from the laptops they were inserted into. Reports also noted that the representatives received gifts from smartphone chargers who may have surreptitiously looked at their emails, SMS and phone calls. Was someone trying to spy on the G20 participants on purpose? If so, who was responsible?
The “espionage” campaign was first noted by Herman Van Rompuy, president of the European Council, the Italian newspaper Corriere della Sera noted. He covered the story on his cover. Mr Van Rompuy ordered the analysis of the USB sticks and other devices by intelligence experts in Brussels and the German secret service. The Brussels component stated that the accusations were not true and that there was nothing wrong with the giveaway devices.
How can USB sticks and smartphone chargers be used to hack devices that access the Internet? In fact, they are responsible for some offline cyber attacks! Kaspersky noted in August 2013 that “it is becoming more and more common for attackers to find new ways to infiltrate your devices, such as through your removable media.” Removable media includes readers, writers, and drives.
Every optical disc (Blue-ray disc, DVD, CD), memory card (CompactFlash card, Secure Digital card, Memory Stick), floppy disk, zip disk, magnetic tape, disc packages, VHS tape, USB flash drive (also called ), external hard drive, digital camera, printer, smartphone, and other attachable or external peripherals that are easily removed or inserted into a system are removable media. They are all capable of infecting, copying and spying on the system and the network if they have the right compromised file. If they can store media, that media could be a malicious threat.
Some best practices to use when using thumb drives or other removable media:
1. Set up automation of scans the moment items are connected to a device.
2. Regularly update the device operating system(s). Updates are available for Mac, Windows, Android, Linux, and other operating systems. Set updates to occur automatically or even manually at least once a day.
3. Know what is behind the attachments and links of chat, wall, timeline or private messages from Facebook, Twitter or other social network. A good tip is to hover over the link without clicking to see a preview of what’s there.
4. Removable media for personal needs should be kept separate from critical business needs. Music and video files that are downloaded from websites, forums, and file sharing sites should never be mixed with crucial data.
Please note: even reports on Edward Snowden’s activities in 2013 show that he used a flash drive when he downloaded data from the NSA. The USB stick was also the vehicle for two other famous cyberattacks, the devastating malware Stuxnet worm and the data exfiltration vector associated with the Flame virus. The extractable data was connected to a computer and secretly collects data based on certain keywords. The documents are then hidden in a stolen secret folder on the USB drive until it is plugged back into any computer with internet access. The documents are then automatically sent to certain IP addresses of the perpetrators who originated them for their purposes.
Like DDoS attacks, compromised removable media is often a cover or part of other fraudulent activities, such as theft of sensitive documents, extortion, and ransomware, and not just childish pranks.
